175a1288a66477b0a5dad98108d54fb6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

175a1288a66477b0a5dad98108d54fb6_JaffaCakes118
Size

200KB
MD5

175a1288a66477b0a5dad98108d54fb6
SHA1

24e192a1892fb7662c30507651212c8705491226
SHA256

2db9b037c4fa6e502315dd99ad38265336835121e4b6948a0799c4da40d80bb4
SHA512

587149567e6c34c25c83eb740cb88945aa3bd199a1bb87194ee59163d4814a7e3763efcd9e164c93f64aabd3ad4040d4444305d678eaf4216f8cffb0452bb0b1
SSDEEP

3072:19XST5kKN/S3BJXKgRpRDPSQEGBNt/9AIXNMujCTWMAIWXuINA/xl/I3U:Di9V1QkaLHtquGBW+yYxNR

Score

1^/10

Malware Config

Signatures

Files

175a1288a66477b0a5dad98108d54fb6_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f2db34ff75270e43ff0745c217b9f057

Code Sign

34:c6:ea:f4:2b:3d:b4:5f:b9:62:50:51:80:42:ff:ba
Certificate

Issuer

CN=ZlKnsuNl90ujY9i

Not Before

21-03-2012 11:21

Not After

31-12-2039 23:59

Subject

CN=ZlKnsuNl90ujY9i

Extended Key Usages

ExtKeyUsageCodeSigning

b5:f0:25:63:8b:ea:78:0c:c8:49:24:52:63:35:f6:38:f1:19:98:ca
Signer

Actual PE Digest

b5:f0:25:63:8b:ea:78:0c:c8:49:24:52:63:35:f6:38:f1:19:98:ca

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetProcAddress
LoadLibraryA
CreateFileA
lstrlenA
lstrcpyA
GetWindowsDirectoryA
AddAtomA
AddConsoleAliasW
CallNamedPipeA
CancelDeviceWakeupRequest
CloseHandle
CopyFileExW
CreateDirectoryW
CreateHardLinkW
CreateTimerQueue
DefineDosDeviceW
DeleteTimerQueueEx
DisconnectNamedPipe
DuplicateHandle
EnumLanguageGroupLocalesA
EnumResourceTypesW
EnumSystemLanguageGroupsA
FatalAppExitA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FillConsoleOutputAttribute
FindNextFileW
FindVolumeClose
FlushViewOfFile
FreeEnvironmentStringsA
GetCPInfo
GetCPInfoExA
GetCommandLineA
GetConsoleAliasesA
GetConsoleCP
GetConsoleCursorInfo
GetConsoleFontSize
GetFileAttributesA
GetFullPathNameA
GetFullPathNameW
GetLongPathNameA
GetModuleFileNameW
GetModuleHandleW
GetNumberFormatW
GetProcessHeaps
GetQueuedCompletionStatus
GetSystemDefaultUILanguage
GetSystemInfo
GetTapePosition
GetTempFileNameW
GetThreadContext
GetUserDefaultLCID
GetUserDefaultUILanguage
GlobalAlloc
HeapDestroy
HeapLock
InterlockedExchange
IsSystemResumeAutomatic
IsValidCodePage
LoadLibraryExA
LocalReAlloc
LocalSize
OpenEventA
OpenMutexW
PeekConsoleInputA
QueryDosDeviceW
ReadConsoleInputW
ReadDirectoryChangesW
ReadFileScatter
ReplaceFileA
ReplaceFileW
SetCalendarInfoW
SetComputerNameA
SetComputerNameExW
SetConsoleCursor
SetConsoleMode
SetDefaultCommConfigW
SetFileApisToOEM
SetFileAttributesW
SetLocaleInfoW
SetMessageWaitingIndicator
SetPriorityClass
SetStdHandle
SetVolumeMountPointA
SizeofResource
SystemTimeToFileTime
TlsFree
TlsGetValue
UnhandledExceptionFilter
UnlockFile
VerLanguageNameW
WaitCommEvent
WaitForMultipleObjects
WriteConsoleInputW
WriteConsoleOutputA
WriteConsoleOutputCharacterA
WriteConsoleOutputCharacterW
WritePrivateProfileStructW
lstrcpyn

user32

GetSystemMetrics
LoadStringA
CallWindowProcA
CascadeWindows
ChangeClipboardChain
CharToOemW
CharUpperW
CheckRadioButton
CloseClipboard
CloseWindow
CopyAcceleratorTableA
CopyRect
CreateAcceleratorTableA
CreateCaret
CreateDesktopA
CreateIconIndirect
CreateMDIWindowW
DdeCreateDataHandle
DdeQueryNextServer
DdeUninitialize
DlgDirListW
DrawTextW
EmptyClipboard
EndPaint
EnumWindowStationsA
EnumWindowStationsW
FindWindowA
FlashWindow
GetAsyncKeyState
GetClipCursor
GetInputState
GetKBCodePage
GetKeyboardLayoutNameW
GetMenuState
GetMenuStringW
GetMessageTime
GetMouseMovePointsEx
GetParent
GetPropW
GetQueueStatus
GetScrollBarInfo
GetSubMenu
GetWindowTextW
HiliteMenuItem
IMPSetIMEW
InSendMessage
InsertMenuItemW
InsertMenuW
InvalidateRgn
IsCharAlphaNumericW
IsHungAppWindow
LoadMenuW
MapVirtualKeyW
MapWindowPoints
OemToCharW
OpenClipboard
OpenWindowStationW
PeekMessageW
PostThreadMessageW
RealGetWindowClassA
RegisterClassExA
RegisterDeviceNotificationA
RegisterDeviceNotificationW
RegisterWindowMessageA
RemovePropW
ReplyMessage
ScrollDC
ScrollWindowEx
SendIMEMessageExW
SetCapture
SetCaretPos
SetClipboardViewer
SetCursorPos
SetMenuInfo
SetMenuItemInfoA
SetSystemCursor
SetWindowPlacement
ShowCaret
ShowWindow
TabbedTextOutA
TabbedTextOutW
TileWindows
UnhookWindowsHook
UnpackDDElParam
WINNLSGetEnableStatus
WinHelpA
wsprintfA
ToUnicodeEx

ole32

UtConvertDvtd16toDvtd32
UpdateDCOMSettings
StringFromIID
StgPropertyLengthAsVariant
StgOpenStorageOnILockBytes
StgIsStorageFile
StgCreateStorageEx
StgCreateDocfile
SetDocumentBitStg
STGMEDIUM_UserUnmarshal
STGMEDIUM_UserFree
SNB_UserUnmarshal
ReadOleStg
PropStgNameToFmtId
OleSetContainedObject
OleSetAutoConvert
OleSave
OleRun
OleRegGetUserType
OleRegGetMiscStatus
OleIsRunning
OleInitializeWOW
OleInitialize
OleGetIconOfFile
OleGetAutoConvert
OleDoAutoConvert
OleCreateMenuDescriptor
OleCreateLinkToFileEx
OleCreateLinkFromData
OleCreateFromFileEx
OleCreateFromDataEx
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
MonikerRelativePathTo
MkParseDisplayName
IsAccelerator
IIDFromString
HWND_UserSize
HPALETTE_UserSize
HPALETTE_UserFree
HMETAFILEPICT_UserSize
HMENU_UserUnmarshal
HMENU_UserMarshal
HICON_UserUnmarshal
HICON_UserFree
HENHMETAFILE_UserSize
HENHMETAFILE_UserMarshal
HDC_UserUnmarshal
HDC_UserMarshal
HBRUSH_UserUnmarshal
HBRUSH_UserFree
HBITMAP_UserUnmarshal
HBITMAP_UserSize
HBITMAP_UserMarshal
GetHookInterface
GetClassFile
FmtIdToPropStgName
DllDebugObjectRPCHook
CreateStdProgressIndicator
CreateClassMoniker
CreateBindCtx
CoWaitForMultipleHandles
CoUnmarshalInterface
CoUnmarshalHresult
CoUninitialize
CoSwitchCallContext
CoSuspendClassObjects
CoRevokeMallocSpy
CoRevokeClassObject
CoResumeClassObjects
CoReleaseServerProcess
CoReleaseMarshalData
CoRegisterSurrogateEx
CoRegisterPSClsid
CoRegisterMallocSpy
CoQueryAuthenticationServices
CoMarshalInterThreadInterfaceInStream
CoMarshalHresult
CoInitializeWOW
CoInitializeEx
CoGetPSClsid
CoGetObjectContext
CoGetMarshalSizeMax
CoGetApartmentID
CoFreeAllLibraries
CoAddRefServerProcess
CLSIDFromProgIDEx

oleaut32

VectorFromBstr
VariantTimeToSystemTime
VarXor
VarUI4FromI1
VarUI4FromCy
VarUI2FromStr
VarUI2FromDec
VarUI2FromBool
VarUI1FromUI2
VarUI1FromI4
VarUI1FromDate
VarR8Round
VarR8FromR4
VarR8FromI1
VarR4FromDec
VarR4CmpR8
VarParseNumFromStr
VarNumFromParseNum
VarNeg
VarMul
VarMonthName
VarIdiv
VarI4FromDisp
VarI2FromUI4
VarI2FromR4
VarI2FromCy
VarI1FromStr
VarI1FromR4
VarI1FromI4
VarFormatPercent
VarFormatDateTime
VarDiv
VarDecSu
VarDecMul
VarDecFromStr
VarDecFromR4
VarDecFromDate
VarDecCmp
VarDateFromR8
VarDateFromR4
VarDateFromDisp
VarDateFromDec
VarDateFromBool
VarCyMulI4
VarCyFromUI4
VarCyFromUI2
VarCyFromR8
VarCyFromDisp
VarCyFix
VarCyAdd
VarCyAbs
VarBstrFromR8
VarBstrFromR4
VarBstrFromI4
VarBstrFromDisp
VarBstrFromDec
VarBstrFromDate
VarBoolFromStr
VarBoolFromI4
VarBoolFromI1
VarBoolFromCy
VarAbs
VARIANT_UserUnmarshal
VARIANT_UserMarshal
SysReAllocString
SysFreeString
SysAllocString
SafeArraySetRecordInfo
SafeArrayPtrOfIndex
SafeArrayCreateVector
SafeArrayCopy
QueryPathOfRegTypeLi
OleSavePictureFile
OleLoadPicturePath
OleLoadPictureFile
OleLoadPicture
OleCreatePictureIndirect
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_Marshal
LHashValOfNameSysA
GetAltMonthNames
DispGetParam
BstrFromVector
BSTR_UserMarshal
BSTR_UserFree

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2db34ff75270e43ff0745c217b9f057

Code Sign

34:c6:ea:f4:2b:3d:b4:5f:b9:62:50:51:80:42:ff:baCertificate

Extended Key Usages

b5:f0:25:63:8b:ea:78:0c:c8:49:24:52:63:35:f6:38:f1:19:98:caSigner

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Sections

.text Size: 191KB - Virtual size: 190KB

.data Size: 512B - Virtual size: 148B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

34:c6:ea:f4:2b:3d:b4:5f:b9:62:50:51:80:42:ff:ba
Certificate

b5:f0:25:63:8b:ea:78:0c:c8:49:24:52:63:35:f6:38:f1:19:98:ca
Signer

.text
Size: 191KB - Virtual size: 190KB

.data
Size: 512B - Virtual size: 148B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB